"Heartbleed" bug in Web security exposes passwords to hackers

A major new vulnerability called Heartbleed could let attackers gain access to users' passwords and fool people into using bogus versions of Web sites. Some already say they've found Yahoo passwords as a result.

The problem, disclosed Monday night, is in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.

Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at Web sites, it could require anybody who's used them to change passwords too, because they could have been intercepted. That's a big problem as more and more of people's lives move online, with passwords recycled from one site to the next and people not always going through the hassles of changing them.

Yahoo said just after noon PT that it fixed the primary vulnerability on its main sites: "As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We're focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users' data."

However, Yahoo didn't offer advice to users about what they should do or what the effect on them is.

Developer and cryptography consultant Filippo Valsorda published a tool that lets people check Web sites for Heartbleed vulnerability. That tool showed Google, Microsoft, Twitter, Facebook, Dropbox, and several other major Web sites to be unaffected -- but not Yahoo. Valsorda's test uses Heartbleed to detect the words "yellow submarine" in a Web server's memory after an interaction using those words.

Other Web sites shown as vulnerable by Valsorda's tool include Imgur, OKCupid, and Eventbrite.

The vulnerability is officially called CVE-2014-0160 but is known informally as Heartbleed, a more glamorous name supplied by security firm Codenomicon, which along with Google researcher Neel Mehta discovered the problem.

"This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content," Codenomicon said. "This allows attackers to eavesdrop communications, steal data directly from the services and users, and to impersonate services and users."

To test the vulnerability, Codenomicon used Heartbleed on its own servers. "We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication," the company said.

However, Adam Langley, a Google security expert who helped close the OpenSSL hole, said his testing didn't reveal information as sensitive as secret keys. "When testing the OpenSSL heartbeat fix I never got key material from servers, only old connection buffers. (That includes cookies though.)," Langley said on Twitter.

One of the companies affected by the vulnerability was password manager LastPass, but the company upgraded its servers as of 5:47 a.m. PT Tuesday, spokesman Joe Siegrist said. "LastPass is quite unique in that nearly all your data is also encrypted with a key that LastPass servers never get -- so this bug could not have exposed customer's encrypted data," Siegrist added.

The bug afflicts version 1.0.1 and 1.0.2-beta releases of OpenSSL, server software that ships with many versions of Linux and is used in popular Web servers, according to the OpenSSL project's advisory on Monday night. OpenSSL has released version 1.0.1g to fix the bug, but many Web site operators will have to scramble to update the software. In addition, they'll have to revoke security certificates that now might be compromised.

OpenSSL is one implementation of the encryption technology variously called SSL (Secure Sockets Layer) or TLS (Transport Layer Security). It's what keeps prying eyes out of communications between a Web browser and Web server, but it's also used in other online services such as email and instant messaging, Codenomicon said.

LastPass has used perfect forward secrecy for the last six months, but is assuming its certificates could have been compromised before that. "This bug has been out there a long time," Siegrist said. "We have to assume our private keys were compromised, and we will be reissuing a certificate today."

Stephen Shankland writes about a wide range of technology and products, but has a particular focus on browsers and digital photography. He joined CNET News in 1998 and has also covered Google, Yahoo, servers, supercomputing, Linux, other open-source software, and science. E-mail Stephen, follow him on Twitter at http://www.twitter.com/stshank, or contact him through Google Buzz.